Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."

Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.This issue affects Online Collection: before v.1.0.2.

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.